author | jeschli <jeschli@gmail.com> | 2018-12-28 14:48:30 +0100 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2018-12-28 14:48:30 +0100 |
commit | 06b6454af78e8236a67d69cab94f62c32054be47 (patch) | |
tree | 749fd6025d2e799314cf46d51027dc23fb19c7b8 /lass | |
parent | 8605ac91ae3a3859ab906a5fa2e9b0e3dfcd6e1e (diff) | |
parent | fb254e60949f029cc7cb48764093b49932d0acde (diff) |
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/daedalus/config.nix | 4 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 31 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 1 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | lass/2configs/nfs-dl.nix | 7 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 3 | ||||
-rw-r--r-- | lass/2configs/websites/sqlBackup.nix | 4 | ||||
-rw-r--r-- | lass/2configs/wiregrill.nix | 2 | ||||
-rw-r--r-- | lass/3modules/mysql-backup.nix | 16 | ||||
-rw-r--r-- | lass/5pkgs/custom/xmonad-lass/default.nix | 7 |
12 files changed, 59 insertions, 19 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 305b3f70e..e28fbf2f8 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -6,9 +6,8 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/games.nix> - <stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/backup.nix> + <stockholm/lass/2configs/nfs-dl.nix> { # bubsy config users.users.bubsy = { @@ -72,6 +71,7 @@ with import <stockholm/lib>; #remote control environment.systemPackages = with pkgs; [ x11vnc + torbrowser ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 46cdbbb66..b39f03df9 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -147,6 +147,7 @@ with import <stockholm/lib>; OnCalendar = "00:37"; }; + nixpkgs.config.android_sdk.accept_license = true; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6c454b4ac..df2778bef 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -82,6 +82,13 @@ with import <stockholm/lib>; ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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" ]; }; + users.users.kmein = { + uid = genid_uint31 "kmein"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.kmein.pubkey + ]; + }; } { #hotdog 
@@ -309,7 +316,7 @@ with import <stockholm/lib>; { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; } + { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; } { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } ]; services.dnsmasq = { @@ -390,6 +397,28 @@ with import <stockholm/lib>; ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished ''; + + fileSystems."/export/download" = { + device = "/var/lib/containers/yellow/var/download"; + options = [ "bind" ]; + }; + services.nfs.server = { + enable = true; + exports = '' + /export 42::/16(insecure,ro,crossmnt) + ''; + lockdPort = 4001; + mountdPort = 4002; + statdPort = 4000; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } + ]; } ]; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1b6a1d593..1f2bb511f 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,6 +9,7 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix + ./nfs-dl.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 1acfe5056..f487a9910 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix 
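Review bot: The new v6 POSTROUTING predicate in prism/config.nix matches source `42:1::/32` but excludes only destination `42:1::/48`, so traffic between two hosts inside the /32 but outside that /48 would still be masqueraded. The v4 rule on the next line uses the same prefix on both sides, which suggests the mismatch is an oversight rather than intent. If the goal is to leave intra-network traffic untouched, the rule would read `{ v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/32"; target = "MASQUERADE"; }`. Otherwise a short comment explaining the asymmetric prefixes would help the next reader.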
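Review bot: The export line `/export 42::/16(insecure,ro,crossmnt)` in the new `services.nfs.server` block is broader than the firewall rules beside it. The client spec covers all of `42::/16` while the INPUT rules open the NFS ports only on `-i wiregrill`, so access control rests on the packet filter alone. `insecure` also accepts requests from unprivileged source ports, so any local user on a peer can talk to the server, not just its root. `crossmnt` exports whatever is later mounted below `/export`, not only the `/export/download` bind mount. I would narrow the client spec to the wiregrill prefix, drop `insecure` unless a client needs it, and export `/export/download` explicitly. A comment such as `# read-only, wiregrill peers only; reachability enforced by the INPUT rules below` would record the intent.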
@@ -95,6 +95,7 @@ with import <stockholm/lib>; { from = "lesswrong@lassul.us"; to = lass.mail; } { from = "nordvpn@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; } + { from = "nintendo@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/nfs-dl.nix b/lass/2configs/nfs-dl.nix new file mode 100644 index 000000000..abbcc1d42 --- /dev/null +++ b/lass/2configs/nfs-dl.nix @@ -0,0 +1,7 @@ +{ + fileSystems."/mnt/prism" = { + device = "prism.w:/export"; + fsType = "nfs"; + }; +} + diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index ce7df4bfb..25dac0ac4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -135,6 +135,7 @@ in { "jla-trading.com" "ubikmedia.eu" "ubikmedia.de" + "alewis.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17af0d00d..307f1c2b3 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -63,6 +63,9 @@ in { locations."= /retiolum.hosts".extraConfig = '' alias ${pkgs.retiolum-hosts}; ''; + locations."= /wireguard-key".extraConfig = '' + alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; + ''; locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 897e35e61..10a6e4643 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -20,9 +20,7 @@ lass.mysqlBackup = { enable = true; - config.all = { - password = toString (<secrets/mysql_rootPassword>); - }; + config.all = {}; }; } diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix index b2ee35df3..0183bd4e5 100644 
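Review bot: The new `fileSystems."/mnt/prism"` entry in nfs-dl.nix sets no `options`, so clients mount `prism.w:/export` with default NFS options, and baseX.nix now imports it on every X host. The client therefore honours setuid bits and device nodes found on the share, and the server-side `ro` is the only thing keeping the mount read-only. A boot-time mount with no `nofail` can also stall startup when prism or the tunnel is unreachable. I would add `options = [ "ro" "nosuid" "nodev" "nofail" ];` so the client enforces its own restrictions and tolerates the server being down.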
--- a/lass/2configs/wiregrill.nix +++ b/lass/2configs/wiregrill.nix @@ -37,7 +37,7 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { ; endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}"); persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61; - publicKey = host.nets.wiregrill.wireguard.pubkey; + publicKey = (replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey); }) (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts); }; diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix index d2ae67171..516f96c34 100644 --- a/lass/3modules/mysql-backup.nix +++ b/lass/3modules/mysql-backup.nix @@ -41,7 +41,7 @@ let }; location = mkOption { type = str; - default = "/bku/sql_dumps"; + default = "/backups/sql_dumps"; }; }; })); @@ -51,11 +51,9 @@ let imp = { - #systemd.timers = - # mapAttrs (_: plan: { - # wantedBy = [ "timers.target" ]; - # timerConfig = plan.timerConfig; - #}) cfg.config; + services.mysql.ensureUsers = [ + { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; } + ]; systemd.services = mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" { @@ -75,8 +73,10 @@ let start = plan: let - backupScript = plan: db: - "mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz"; + backupScript = plan: db: '' + mkdir -p ${plan.location} + mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz + ''; in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" '' ${concatMapStringsSep "\n" (backupScript plan) plan.databases} diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 79e6416e1..483e37bc8 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix 
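Review bot: The `services.mysql.ensureUsers` entry added to `imp` in mysql-backup.nix grants `"*.*" = "ALL"` to `root`, which is far more than a dump job needs. Together with the sqlBackup.nix hunk that empties `config.all`, the backup now appears to run as the database superuser without a password; the default of `plan.user` is outside this hunk, so that is an inference. A dedicated account with read-only dump privileges would limit what the backup unit can do, e.g. `{ name = "backup"; ensurePermissions = { "*.*" = "SELECT, LOCK TABLES, SHOW VIEW, EVENT, TRIGGER"; }; }` with `plan.user` pointed at it. If root is intentional, a comment saying so would help.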
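Review bot: The rewritten `backupScript` in mysql-backup.nix runs `mkdir -p ${plan.location}` and then writes `${db}.gz` through a plain redirect, so both get whatever mode the unit's umask allows. Unless the service sets a restrictive umask elsewhere, which this hunk does not show, full database dumps under `/backups/sql_dumps` may be readable by every local user. Starting the script with `umask 077`, or replacing the mkdir with `install -d -m 0700 ${plan.location}`, would close that. The retained `-p$(cat ${plan.password})` still puts the password in mysqldump's argument list when a password is set; a client option file passed with `--defaults-extra-file` avoids that. Quoting `${plan.location}` and `${db}` would also make the script robust to names containing spaces.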
@@ -11,10 +11,7 @@ pkgs.writeHaskellPackage "xmonad-lass" { "xmonad-stockholm" ]; text = /* haskell */ '' -{-# LANGUAGE DeriveDataTypeable #-} -- for XS -{-# LANGUAGE FlexibleContexts #-} -- for xmonad' {-# LANGUAGE LambdaCase #-} -{-# LANGUAGE ScopedTypeVariables #-} module Main where @@ -28,7 +25,7 @@ import System.Environment (getArgs, lookupEnv) import System.Exit (exitFailure) import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) -import XMonad.Actions.CopyWindow (copy, kill1) +import XMonad.Actions.CopyWindow (copy, copyToAll, kill1) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) @@ -149,6 +146,8 @@ myKeyMap = , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + , ("M4-<F2>", windows copyToAll) + , ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" '' export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" |